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•• The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E0 Responsive to communication(s) filed on 12 August 2002 , 
2a)0 This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



30 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Claims 1-20 were pending for examination. 



Claim Rejections - 35 USC § 112 



Claims 1-20 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

In claims 1 (line 8) ,6 (line 8) ,1 1 (line 9), and 16 (line 8) the term " substantially" is 
indefinite . 

Dependent claims 2-5, 7-10, 12-15, 17-20 are also rejected by virtue of their 
dependencies. 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 



A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 



The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AEPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AEPA (pre-AIPA 
35 U.S.C. 102(e)). 



Claim Rejections - 35 USC §102 
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Claims 1-2, 5-7, 10-12 and 15-17 and 20 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Nachenberg (IDS #5), US Pat. No. 6, 067, 410, files Feb. 1996. 

As per claims 1, 6, 11 and 16, , Nachenberg is directed to an emulation repair system 
(ERS) which restores virus-infected computer files to their uninfected states , see abstract. 

Nachenberg teaches scanning the computer system for the malicious (or virus) code and 
identifying the type of virus , see col. 6, lines 37-40, see also, col. 10, lines 33-54. 

Nachenberg teaches a virus definition file (i.e. a data file) comprising an entry or virus 
definition for each known virus . Each virus definition contains information specific to a virus 
or a family of such viruses, see col. 7, lines 54-57. That is, the ERS uses the virus type at input 
as an index to an appropriate virus definition in virus definition file, see col. 7, lines 58-60. 

Nachenberg further teaches that the virus definition of the virus definition file includes an 
index to an associated overlay file appropriate for the virus, see col. 7, lines 61-65. 

Nachenberg' s virus definitions of virus definition file are used for decrypting the virus 
and for identifying the appropriate one of overlay module, see col. 9, lines 1-16, see also, col. 8, 
lines 20-31 and that overlay module includes code (i.e. commands) for locating and co-opting 
virus repair code to restore host file (i.e. executing at least one command to restore the computer 
system to substantially the state as it existed prior to modification by the malicious code), see 
col. 10, lines 20-32. 
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As per claims 2, 7, 12 and 17, Nachenberg teaches that the overlay module designated in 
thee virus entry of the virus definition file, is written for a specific virus and includes information 
for locating the host bytes, and if necessary, the virus repair routine in the virus , wherein the 
overlay module uses this information in conjunction with some combination of overlay, 
foundation, and virus repair routines to restore the host bytes to their proper locations in the host 
file and truncate (i.e. delete) the viral code from the host file, see col. 3, lines 27-50. The 
teaching of Nachenberg clearly suggests reading, writing and deleting as necessary processes to 
first locate (i.e. read) the host bytes and restoring the bytes to their proper location (i.e. write) 
and truncate (i.e. delete) the virus code. 

As per claims 5, 10, 15 and 20, Nachenberg teaches Virus definition files (i.e. a plurality 
of data files) , wherein a Virus Id identifies the specific virus or virus strain that ERS is being 
called upon to repair. 

Nachenberg further discloses three scenarios representing some of the common strategies 
employed by various viruses for infecting COM, EXE, and SYS files, see col. 4, line 35 through 
col. 5, line 35, see also col. 7, line 65 through col. 8, line 33. 

Claim Rejections - 35 USC § 103 

Claims 3, 8, 13 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Nachenberg as applied to claims 1,6, 11 and 16 above, and further in view of Templeton, US 
Pat. 6, 401,210, filed Sep. 1998. 

In an embodiment, Templeton presents a method of managing a file infected by at least 
one computer virus. 
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In one embodiment, Templeton teaches a virus bin comprising a database, controlled 
access directory, or other data structure holding a plurality of files and information fields related 
to the files. Templeton teaches that an anti-virus process may be used to continually monitor a 
system for viruses via a memory-resident program providing real-time protection. 

The anti-virus process may be used to scan one or more files in a file structure for a virus 
and the anti-virus process may prompt the user to select an option to deal with viruses that may 
be detected, the options comprise: attempt to clean the file, delete the file, rename the file, or 
move the file to the virus bin, see col. 3, line 40 through col. 4, line 4. 

It would have been obvious to one of ordinary skill in the art to modify the repair system 
of Nachenberg to that of Temleton to rename and delete infected files, because deleting alone 
would remove the virus from the computer system, but also destroys the files original content 
while renaming the infected files would preserve the original content while reducing the 
probability of the file being accidentally used or transferred, see col. 1, lines 22-56. 

Claims 4, 9, 14, and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Nachenberg as applied to claims 1,6, 11 and 16 above, and further in view of FIXHAPPY (a 
Happy99.worm Removal Tool) announced by Antivirus Research Center (IDS #5). 

The Happy99.worm Removal Tool restores WSOCK32.DLL modified to hook the mail- 
sending and newsgroup article-posting routine. Happy99.worm Removal Tool modifies the 
Windows system directory by deleting SKA.EXE and SKA.DLL files and by removing windows 
registry modification. It would have been obvious to one of ordinary skill in the art to modify 
Nachenberg,s repair system to incorporate the feature taught in Happy99.warm Removal Tool to 
not only restore the content of infected file (s) (in system directory ) , but also to modify other 
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file(s) infected (in system registry ) to reduce the spread of the worm (virus), especially when a 
user is online or connected to a network, see the document. 

Prior art made of record not relied on: 

US Pat. 5,408,646 is directed to method for recovery of a computer program infected by a 
computer virus. 

Us Pat. 5, 485,575 discusses a computer virus structure and means of attachment to its 

hosts 



Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Taghi Arani, whose telephone number is (703) 305-4274. The examiner 
can normally be reached Monday through Friday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax numbers for the 
organization where this application is assigned is: 
(703) 872-9306 



Conclusion 



Taghi Arani 



' AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




Patent Examiner 



3/3/2004 



